How is open source changing the way software is created, used, and understood?

How do we balance surveillance, privacy, free speech, & national security?

That last one produced an interesting, yet common, reaction from my students a few weeks ago. In preparation for class, we read several articles about increasing surveillance by government and private corporations, filled with anecdotes and events such as the following:

At West Hills High School, in Santee, California, surveillance cameras and gear donated by PacketVideo and Cisco record virtually every move anyone makes on campus. Boston's Tewksbury Memorial High School uses cameras to enable educators and police to extensively monitor the hallways. The article ends with a 66-year-old grandfather asserting that "it's time to embrace Big Brother."

Stores in Jefferson County, Colorado, will begin requiring shoppers paying by check or credit card to give their fingerprint, in an effort to cut down on identity theft and to find criminals.

Cameras are sprouting up everywhere in little Porterville, California, with three at various McDonald's, one at Starbucks, nine at the movie theater, 73 at the Mervyn's department store, four at Wal-Mart, and quite a few at Tom Barcellos' dairy farm. In New York City, a world away from Porterville, the average person is recorded on cameras around 75 times a day.

And on and on. I could fill 25 pages with examples, but all of them repeat the same refrain: incidences of surveillance are increasingly prevalent, not only in America, but around the world and in many countries that supposedly embody the ethics of freedom, privacy, and non-intrusive government. We are being watched almost everywhere, almost all the time, and most of the time we have no idea that such surveillance is taking place.

When I asked my students what they thought, I heard several varieties of the same sentiment.

"It doesn't bother me."

"I'm not doing anything illegal."

"If you're not doing something wrong, you shouldn't worry about it."

"I trust the government."

"It's not that big of a deal."

Out of ten students, only one was seriously upset; in fact, he said he found the prospect of such constant monitoring to be "terrifying."

So what about the blasé attitude expressed by my students? Are they correct? If you're not doing anything wrong, do you really have nothing to worry about?

I don't feel so blasé.

It's too easy to forget that there's a human behind the camera's eye, or the computer keyboard, or the all-knowing database admin. We humans have an unfortunate and almost universal tendency to abuse the power we're given. Those in power - and "power" here is a very relative word, since power comes from the ability to change some other person or thing through one's actions - often have their own ends, motives, and ideas that are in wide variance from the public trust they've been handed. Again, a mountain of examples could back this up, but here are a few:

A Lansing, Michigan police detective uses the Law Enforcement Information Network to keep tabs on his estranged ex-wife and her friends. Soon afterward, she is mysteriously shot and killed at a zoo.

An Edmonton, Canada journalist writes a column critical of the local police force's camera and radar system used to create a ticket trap, so the police illegally examine the vehicle licensing database, just a few clicks away, to find out where the journalist lived and what kind of car he drives, and then stake out a bar he's visiting in hopes of catching him in an attempt to drive drunk.

There are plenty more where this came from. A good list, for instance, can be found at "Top 10 List of Police Database Abuses", or just Google for "police database abuse" or related topics, and you'll find further examples. We can secure the databases themselves, but not necessarily what is done with the information. Of course, it's not just the police. It's anyone who has access to these databases, phone records, camera recordings, computer logs, credit card receipts, and the other data droppings we leave behind us as we go through our lives.

You may be doing nothing at all "wrong," but "wrong" unfortunately can depend on the eye of the beholder. Is it "wrong" to be a Muslim in America after 9/11? Is it "wrong" to be a kid who doesn't like his principal, and let's her know it? Is it "wrong" to date a woman whose ex-husband is a jealous security guard? Is it "wrong" to criticize law enforcement in your community? Is it "wrong" to challenge a presidential administration? Not objectively, no, but to those whose power and authority is threatened, it most certainly is. You may not be "wrong" today, but you may be tomorrow, for the mildest of reasons ... and what is worse, you may be morally, ethically, and legally in the right!

To accept the surveillance that is everywhere around us, we have to believe the idea that it is almost always done for the purest motives and hardly ever abused, and that if abuses occur, that they are always discovered and rectified. I find that too much to swallow, and my experience leads me instead to believe that we are too often surveilled because the technology exists and makes it easy, not because it is necessary; that abuses can and do occur, many more times than we think; and that we find out about only a small number of those abuses.

I don't think I'm doing anything wrong as I live my life; that is, I'm not breaking any laws, beyond the occasional exceeding of speed limits. But I still worry: what if someone else, who has access to electronic data about me, decides that I've done something wrong, or at least wrong as he sees it? What then? How do we secure against this type of access?

Now turn that thought around on yourself: can you tell me, truthfully, that surveillance doesn't bother you, since you never do anything wrong? Just remember to always ask the question: "Wrong to whom?"

Scott Granneman teaches at Washington University in St. Louis,
consults for WebSanity, and writes for SecurityFocus and Linux
Magazine. His latest book, Linux Phrasebook, is in stores now.